Postfix Courier Certs

openssl genrsa -des3 -rand /etc/hosts -out mail.domain.com.key 2048

chmod 600 mail.domain,com.key

openssl req -new -key mail.domain.com.key -out mail.domain.com.csr

openssl x509 -req -days 365 -in mail.domain.com.csr -signkey mail.domain.com.key -out mail.domain.com.crt

openssl rsa -in mail.domain.com.key -out mail.domain.com.key.nopass

mv mail.domain.com.key.nopass mail.domain.com.key

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

chmod 600 mail.domain.com.key

chmod 600 cakey.pem

mv mail.domain.com.key /etc/ssl/private/

mv mail.domain.com.crt /etc/ssl/certs/

mv cakey.pem /etc/ssl/private/

mv cacert.pem /etc/ssl/certs/

postconf -e 'smtpd_tls_auth_only = no'

postconf -e 'smtp_use_tls = yes'

postconf -e 'smtpd_use_tls = yes'

postconf -e 'smtp_tls_note_starttls_offer = yes'

postconf -e 'smtpd_tls_key_file = /etc/ssl/private/mail.domain.com.key'

postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/mail.domain.com.crt'

postconf -e 'smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem'

postconf -e 'smtpd_tls_loglevel = 1'

postconf -e 'smtpd_tls_received_header = yes'

postconf -e 'smtpd_tls_session_cache_timeout = 3600s'

postconf -e 'tls_random_source = dev:/dev/urandom'

postconf -e 'myhostname = mail.example.com'

In order to create Courier certs:

All previous work was done in: /root/postfix_smtpd_cert/

cd /root/postfix_smtpd_cert/

cat mail.domain.com.key mail.domain.com.crt >> ../courier_cert/mail.domain.combined.pem

cd ../courier_cert/

openssl dhparam 1024 >> mail.domain.combined.pem

cp mail.domain.combined.pem /etc/courier/

cd /etc/courier/

edit 2 files: pop3d-ssl and imapd-ssl such that the line reads:

TLS_CERTFILE=/etc/courier/mail.domain.combined.pem

Then restart both services:

/etc/init.d/courier-pop-ssl restart

/etc/init.d/courier-imap-ssl restart